12-26-2000 01:59 PM - edited 02-21-2020 11:15 AM
(Note: This message was posted as part of the "Ask the Expert" Event on configuring Cisco IPSec VPNs that took place December 11 - December 21. Feel free to respond to or form discussions around this question.)
Posted by: rspiandorello SPIANDORELLO
I'd like to know if I can have problems in building a VPN between PIX firewalls that don't use the Internet connection on the outside interface for the VPN channel, but use a backbone with routers placed in their DMZ interfaces for the VPN channel.
Thank you
Renato
12-29-2000 07:20 AM
I'm not very clear on your topology, but I can tell you that IP in a private network functions identically to IP in a public network. In fact, it actually functions better because you have more control over a private network. I think with current PIX code you can terminate your tunnels on the perimeter interfaces, but you can definitely tunnel through it and terminate on other devices as well. How many interfaces do you have up on the PIX? Where are the tunnels terminating?
01-03-2001 02:24 AM
I have 2 PIX firewalls with 3 interfaces: inside, outside (with Internet connection) and DMZ interfaces.
I have to build a VPN that terminates on the 2 PIX DMZ interfaces. I have a leased line that connects 2 routers that are in the 2 DMZ PIX LANs, so the PIXs can communicate over that private channel.
Thank you
Renato
01-05-2001 02:22 PM
I think that topology looks fine. You should be able to terminate your VPNs through the perimeter interfaces on the respective PIXs as long as you are running current code. I'd check to see what version you have because some of the earlier ones don't have perimeter support. Let me know if this helps you out.
01-05-2001 08:34 AM
Renato,
It really does not matter if you set up the VPN either through the public network (Internet) or by any other means. The media between is just transport media. As long as you have an "IP environment" you can build a PIX-to-PIX VPN.
No problem....